Passwords are a pain. Recent data from a survey conducted by Centrify Corporation confirms this, revealing that employees waste on average £261 a year in company time attempting to manage passwords.
That adds up quickly. In a company of 500 people, that equates to over £130,000 annually. 38% of the 1,000 surveyed said they had forgotten a password, causing them to lose access to an account. 25% admitted they get locked out of accounts at least once a month because of multiple incorrect password entries.
Even the most diligent of us will likely have forgotten a password at some point, especially if we manage a large number of accounts and, as we should, avoid using the same password for everything. It is not just a case of incompetence. The fact is that passwords seem a little archaic in this day and age. Andy Kellett of Ovum agrees.
“We used to go to work and stay in one place,” said Kellett. “Now we are just as likely to be working from a remote office, on the train, or at home and simple passwords are neither robust nor secure enough to support secure, remote access.
“With today’s workforce also using social media and flexible remote tools and applications, we need to empower them to do this by allowing them to have more ownership of their identities and incorporate better, more balanced, security measures that also improve productivity,” he added.
The password is the security solution of yesteryear, no longer fit for purpose in modern business. Password managers are great, and without them we'd be in an even worse situation, but they are far from ideal. 14% of respondents to the survey predicted they would have more than 100 passwords to keep track of in just five years' time.
Despite the proliferation of passwords, only 15% of those surveyed thought passwords were secure. Furthermore, 13% of respondents said they would rather spend an hour of their time on a customer service line than face the task of managing all their passwords. 12% would prefer to sit next to a crying baby on a flight.
There are numerous contenders to replace the outdated password. One solution is a one-to-rule-them-all approach, whereby a user relies on a common service such as Google or Facebook to act as proof of identity for many different services. This might take some of the pain away from having to remember a multitude of passwords, but you are even more exposed should your Facebook or Google account be compromised. Can we really trust those services anyway?
SSO, or 'Single Sign On', is another solution increasingly popular with enterprises. The premise of SSO is that a device or set of devices is assumed to be trusted by the network. A user need only supply one password in the morning to gain access to all services for the whole session. That sounds good, and indeed it is working well for a few enterprises; however, it is not without its problems: